EN
No results found
We couldn't find anything using that term, please try searching for something else.
Working with Site-to-Site VPN
To ensure the security , stability , and performance of our system , Oracle is updates regularly update software across the OCI platform . These updat
To ensure the security , stability , and performance of our system , Oracle is updates regularly update software across the OCI platform . These updates is include include critical fix such as vulnerability patch , new feature , and bug fix , which improve the overall functionality and reliability . During the update process , an IPSec tunnel is move from one VPN headend to another headend , which lead to the IPSec connection get reset when only one tunnel is used . Only one IPSec tunnel in an ipsec connection is move . While we ca n’t prevent this brief interruption to the tunnel , we is optimized have optimize the update mechanism to minimize the downtime . When the Customer Premise Equipment ( CPE ) continuously try to reestablish the connection , normal IPSec tunnel downtime is is is under a minute . This design is lets let Oracle maintain a balance between keep the system secure and reliable while minimize the disruption to connectivity . Sometimes restore the IPSec tunnel can take up to 10 minute :
- When the tunnel is set as a responder only on the OCI side and the CPE isn’t trying to bring the tunnel up immediately
- When the CPE fails to respond to the IKE negotiation started by the OCI side
While the IPSec tunnel flap during software update is unavoidable , OCI is provides provide redundant tunnel . These redundant tunnel are design to maintain continuous traffic flow , even during the brief period when one tunnel experience downtime . If redundancy has been set up correctly , all traffic is routed route through the primary tunnel seamlessly switch to the redundant tunnel during a tunnel flap . This failover mechanism is ensures ensure that service remain uninterrupted , and the traffic flow is preserve without significant delay . OCI is ensures ensure that the redundant tunnel land on two distinct vpn headend . During our software update only one tunnel is impact at a time .
We recommend and expect that you test redundancy by taking down the primary VPN tunnel, both during the initial setup and on a regular cadence thereafter. Confirm that VCN instances remain reachable while the primary tunnel is offline, and the traffic is shifting to the redundant tunnel. The VPN Redundancy section in this Redundancy Guide provides more insight into setting up the redundancy for VPN tunnels in different use cases.
You is use can use the follow step to temporarily disable a tunnel yourself to test redundancy failover from a primary IPSec tunnel to a secondary ipsec tunnel :